package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.ResourceLeakDetector;
import io.netty.util.ResourceLeakDetectorFactory;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public abstract class ReferenceCountedOpenSslContext extends SslContext implements io.netty.util.f {
    private static final Integer E;
    final ReadWriteLock A;

    /* renamed from: t, reason: collision with root package name */
    protected long f20938t;

    /* renamed from: u, reason: collision with root package name */
    private final List f20939u;

    /* renamed from: v, reason: collision with root package name */
    private final int f20940v;

    /* renamed from: w, reason: collision with root package name */
    private final io.netty.util.i f20941w;

    /* renamed from: x, reason: collision with root package name */
    private final AbstractReferenceCounted f20942x;

    /* renamed from: y, reason: collision with root package name */
    final boolean f20943y;

    /* renamed from: z, reason: collision with root package name */
    final s f20944z;
    private static final io.netty.util.internal.logging.f B = InternalLoggerFactory.b(ReferenceCountedOpenSslContext.class);
    private static final int C = Math.max(1, SystemPropertyUtil.e("io.netty.handler.ssl.openssl.bioNonApplicationBufferSize", 2048));
    static final boolean D = SystemPropertyUtil.d("io.netty.handler.ssl.openssl.useTasks", false);
    private static final ResourceLeakDetector F = ResourceLeakDetectorFactory.b().c(ReferenceCountedOpenSslContext.class);
    static final k G = new k() { // from class: io.netty.handler.ssl.ReferenceCountedOpenSslContext.2
        @Override // io.netty.handler.ssl.k
        public ApplicationProtocolConfig.a a() {
            return ApplicationProtocolConfig.a.NONE;
        }

        @Override // io.netty.handler.ssl.k
        public ApplicationProtocolConfig.c b() {
            return ApplicationProtocolConfig.c.CHOOSE_MY_LAST_PROTOCOL;
        }

        @Override // io.netty.handler.ssl.a
        public List c() {
            return Collections.emptyList();
        }
    };

    /* loaded from: classes2.dex */
    private static final class DefaultOpenSslEngineMap implements s {
        private DefaultOpenSslEngineMap() {
            PlatformDependent.n0();
        }

        /* synthetic */ DefaultOpenSslEngineMap(a aVar) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    class a extends AbstractReferenceCounted {
        a() {
        }

        @Override // io.netty.util.AbstractReferenceCounted
        protected void c() {
            ReferenceCountedOpenSslContext.this.u();
            if (ReferenceCountedOpenSslContext.this.f20941w != null) {
                ReferenceCountedOpenSslContext.this.f20941w.c(ReferenceCountedOpenSslContext.this);
            }
        }

        @Override // io.netty.util.f
        public io.netty.util.f i(Object obj) {
            if (ReferenceCountedOpenSslContext.this.f20941w != null) {
                ReferenceCountedOpenSslContext.this.f20941w.b(obj);
            }
            return ReferenceCountedOpenSslContext.this;
        }
    }

    static {
        Integer num = null;
        try {
            String b9 = SystemPropertyUtil.b("jdk.tls.ephemeralDHKeySize");
            if (b9 != null) {
                try {
                    num = Integer.valueOf(b9);
                } catch (NumberFormatException unused) {
                    B.b("ReferenceCountedOpenSslContext supports -Djdk.tls.ephemeralDHKeySize={int}, but got: " + b9);
                }
            }
        } catch (Throwable unused2) {
        }
        E = num;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public ReferenceCountedOpenSslContext(Iterable iterable, b bVar, k kVar, long j8, long j9, int i8, Certificate[] certificateArr, c cVar, String[] strArr, boolean z8, boolean z9, boolean z10, Map.Entry... entryArr) {
        super(z8);
        w wVar;
        this.f20942x = new a();
        this.f20944z = new DefaultOpenSslEngineMap(0 == true ? 1 : 0);
        this.A = new ReentrantReadWriteLock();
        OpenSsl.d();
        if (z9 && !OpenSsl.i()) {
            throw new IllegalStateException("OCSP is not supported.");
        }
        if (i8 != 1 && i8 != 0) {
            throw new IllegalArgumentException("mode most be either SSL.SSL_MODE_SERVER or SSL.SSL_MODE_CLIENT");
        }
        boolean z11 = D;
        if (entryArr != null) {
            wVar = null;
            for (Map.Entry entry : entryArr) {
                SslContextOption sslContextOption = (SslContextOption) entry.getKey();
                if (sslContextOption == p.f21004y) {
                    ((Boolean) entry.getValue()).booleanValue();
                } else if (sslContextOption == p.f21003x) {
                    z11 = ((Boolean) entry.getValue()).booleanValue();
                } else if (sslContextOption == p.f21005z) {
                    wVar = (w) entry.getValue();
                } else {
                    B.b("Skipping unsupported " + SslContextOption.class.getSimpleName() + ": " + entry.getKey());
                }
            }
        } else {
            wVar = null;
        }
        this.f20941w = z10 ? F.l(this) : null;
        this.f20940v = i8;
        if (j()) {
        } else {
            c cVar2 = c.NONE;
        }
        this.f20943y = z9;
        if (certificateArr != null) {
        }
        List asList = Arrays.asList(((b) ObjectUtil.b(bVar, "cipherFilter")).a(iterable, OpenSsl.f20915c, OpenSsl.a()));
        this.f20939u = asList;
        try {
            boolean j10 = OpenSsl.j();
            try {
                this.f20938t = SSLContext.make(j10 ? 62 : 30, i8);
                StringBuilder sb = new StringBuilder();
                StringBuilder sb2 = new StringBuilder();
                try {
                    if (asList.isEmpty()) {
                        SSLContext.setCipherSuite(this.f20938t, "", false);
                        if (j10) {
                            SSLContext.setCipherSuite(this.f20938t, "", true);
                        }
                    } else {
                        CipherSuiteConverter.c(asList, sb, sb2, OpenSsl.g());
                        SSLContext.setCipherSuite(this.f20938t, sb.toString(), false);
                        if (j10) {
                            SSLContext.setCipherSuite(this.f20938t, sb2.toString(), true);
                        }
                    }
                    int options = SSLContext.getOptions(this.f20938t) | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION | SSL.SSL_OP_NO_TICKET;
                    SSLContext.setOptions(this.f20938t, sb.length() == 0 ? options | SSL.SSL_OP_NO_SSLv2 | SSL.SSL_OP_NO_SSLv3 | SSL.SSL_OP_NO_TLSv1 | SSL.SSL_OP_NO_TLSv1_1 | SSL.SSL_OP_NO_TLSv1_2 : options);
                    long j11 = this.f20938t;
                    SSLContext.setMode(j11, SSLContext.getMode(j11) | SSL.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
                    Integer num = E;
                    if (num != null) {
                        SSLContext.setTmpDHLength(this.f20938t, num.intValue());
                    }
                    List c9 = kVar.c();
                    if (!c9.isEmpty()) {
                        String[] strArr2 = (String[]) c9.toArray(new String[0]);
                        int x8 = x(kVar.b());
                        int i9 = p0.f21006a[kVar.a().ordinal()];
                        if (i9 == 1) {
                            SSLContext.setNpnProtos(this.f20938t, strArr2, x8);
                        } else if (i9 == 2) {
                            SSLContext.setAlpnProtos(this.f20938t, strArr2, x8);
                        } else {
                            if (i9 != 3) {
                                throw new Error();
                            }
                            SSLContext.setNpnProtos(this.f20938t, strArr2, x8);
                            SSLContext.setAlpnProtos(this.f20938t, strArr2, x8);
                        }
                    }
                    SSLContext.setSessionCacheSize(this.f20938t, j8 <= 0 ? SSLContext.setSessionCacheSize(this.f20938t, 20480L) : j8);
                    SSLContext.setSessionCacheTimeout(this.f20938t, j9 <= 0 ? SSLContext.setSessionCacheTimeout(this.f20938t, 300L) : j9);
                    if (z9) {
                        SSLContext.enableOcsp(this.f20938t, h());
                    }
                    SSLContext.setUseTasks(this.f20938t, z11);
                    if (wVar != null) {
                        SSLContext.setPrivateKeyMethod(this.f20938t, new r0(this.f20944z, wVar));
                    }
                } catch (SSLException e9) {
                    throw e9;
                } catch (Exception e10) {
                    throw new SSLException("failed to set cipher suite: " + this.f20939u, e10);
                }
            } catch (Exception e11) {
                throw new SSLException("failed to create an SSL_CTX", e11);
            }
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void A(long j8, X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        long j9;
        long j10;
        long B2;
        long j11 = 0;
        g0 g0Var = null;
        try {
            try {
                io.netty.buffer.j jVar = io.netty.buffer.j.f19606a;
                g0Var = j0.d(jVar, true, x509CertificateArr);
                j10 = B(jVar, g0Var.retain());
                try {
                    B2 = B(jVar, g0Var.retain());
                    if (privateKey != null) {
                        try {
                            j11 = C(jVar, privateKey);
                        } catch (SSLException e9) {
                            throw e9;
                        } catch (Exception e10) {
                            e = e10;
                            throw new SSLException("failed to set certificate and key", e);
                        }
                    }
                } catch (SSLException e11) {
                    throw e11;
                } catch (Exception e12) {
                    e = e12;
                } catch (Throwable th) {
                    th = th;
                    j9 = 0;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (SSLException e13) {
            throw e13;
        } catch (Exception e14) {
            e = e14;
        } catch (Throwable th3) {
            th = th3;
            j9 = 0;
            j10 = 0;
        }
        try {
            SSLContext.setCertificateBio(j8, j10, j11, str == null ? "" : str);
            SSLContext.setCertificateChainBio(j8, B2, true);
            v(j11);
            v(j10);
            v(B2);
            g0Var.release();
        } catch (SSLException e15) {
        } catch (Exception e16) {
            e = e16;
            throw new SSLException("failed to set certificate and key", e);
        } catch (Throwable th4) {
            th = th4;
            j9 = B2;
            v(j11);
            v(j10);
            v(j9);
            if (g0Var != null) {
                g0Var.release();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long B(io.netty.buffer.j jVar, g0 g0Var) {
        try {
            ByteBuf content = g0Var.content();
            if (content.h1()) {
                return w(content.e2());
            }
            ByteBuf g9 = jVar.g(content.Y1());
            try {
                g9.K2(content, content.Z1(), content.Y1());
                long w8 = w(g9.e2());
                try {
                    if (g0Var.c0()) {
                        SslUtils.o(g9);
                    }
                    return w8;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    if (g0Var.c0()) {
                        SslUtils.o(g9);
                    }
                    throw th;
                } finally {
                }
            }
        } finally {
            g0Var.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long C(io.netty.buffer.j jVar, PrivateKey privateKey) {
        if (privateKey == null) {
            return 0L;
        }
        g0 g9 = h0.g(jVar, true, privateKey);
        try {
            return B(jVar, g9.retain());
        } finally {
            g9.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long D(io.netty.buffer.j jVar, X509Certificate... x509CertificateArr) {
        if (x509CertificateArr == null) {
            return 0L;
        }
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certChain can't be empty");
        }
        g0 d9 = j0.d(jVar, true, x509CertificateArr);
        try {
            return B(jVar, d9.retain());
        } finally {
            d9.release();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static k E(ApplicationProtocolConfig applicationProtocolConfig) {
        if (applicationProtocolConfig == null) {
            return G;
        }
        int i8 = p0.f21006a[applicationProtocolConfig.a().ordinal()];
        if (i8 != 1 && i8 != 2 && i8 != 3) {
            if (i8 == 4) {
                return G;
            }
            throw new Error();
        }
        int i9 = p0.f21008c[applicationProtocolConfig.b().ordinal()];
        if (i9 != 1 && i9 != 2) {
            throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.b() + " behavior");
        }
        int i10 = p0.f21007b[applicationProtocolConfig.c().ordinal()];
        if (i10 == 1 || i10 == 2) {
            return new q(applicationProtocolConfig);
        }
        throw new UnsupportedOperationException("OpenSSL provider does not support " + applicationProtocolConfig.c() + " behavior");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean G(X509TrustManager x509TrustManager) {
        return PlatformDependent.j0() >= 7 && (x509TrustManager instanceof X509ExtendedTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509TrustManager s(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return PlatformDependent.j0() >= 7 ? OpenSslX509TrustManagerWrapper.c((X509TrustManager) trustManager) : (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("no X509TrustManager found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509KeyManager t(KeyManager[] keyManagerArr) {
        for (KeyManager keyManager : keyManagerArr) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new IllegalStateException("no X509KeyManager found");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void u() {
        Lock writeLock = this.A.writeLock();
        writeLock.lock();
        try {
            long j8 = this.f20938t;
            if (j8 != 0) {
                if (this.f20943y) {
                    SSLContext.disableOcsp(j8);
                }
                SSLContext.free(this.f20938t);
                this.f20938t = 0L;
                OpenSslSessionContext z8 = z();
                if (z8 != null) {
                    z8.a();
                }
            }
        } finally {
            writeLock.unlock();
        }
    }

    static void v(long j8) {
        if (j8 != 0) {
            SSL.freeBIO(j8);
        }
    }

    private static long w(ByteBuf byteBuf) {
        try {
            long newMemBIO = SSL.newMemBIO();
            int Y1 = byteBuf.Y1();
            if (SSL.bioWrite(newMemBIO, OpenSsl.l(byteBuf) + byteBuf.Z1(), Y1) == Y1) {
                return newMemBIO;
            }
            SSL.freeBIO(newMemBIO);
            throw new IllegalStateException("Could not write data to memory BIO");
        } finally {
            byteBuf.release();
        }
    }

    private static int x(ApplicationProtocolConfig.c cVar) {
        int i8 = p0.f21007b[cVar.ordinal()];
        if (i8 == 1) {
            return 0;
        }
        if (i8 == 2) {
            return 1;
        }
        throw new Error();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static v y(KeyManagerFactory keyManagerFactory, String str) {
        return keyManagerFactory instanceof OpenSslX509KeyManagerFactory ? ((OpenSslX509KeyManagerFactory) keyManagerFactory).c() : keyManagerFactory instanceof n ? ((n) keyManagerFactory).a(str) : new v(t(keyManagerFactory.getKeyManagers()), str);
    }

    @Override // io.netty.util.f
    public final int V() {
        return this.f20942x.V();
    }

    @Override // io.netty.handler.ssl.SslContext
    public final boolean h() {
        return this.f20940v == 0;
    }

    @Override // io.netty.util.f
    public final io.netty.util.f i(Object obj) {
        this.f20942x.i(obj);
        return this;
    }

    @Override // io.netty.util.f
    public final boolean release() {
        return this.f20942x.release();
    }

    @Override // io.netty.util.f
    public final io.netty.util.f retain() {
        this.f20942x.retain();
        return this;
    }

    public abstract OpenSslSessionContext z();
}
